PT-2021-7969 · Xpdf+1 · Xpdf+1

Shellway · Published 2021-01-03 · Updated 2023-11-24 · CVE-2022-48545

CVSS v3.1

5.5 Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

xpdf version 4.02

Description

The issue is related to an infinite recursion in the Catalog::findDestInTree function, which can cause a denial of service. This function is part of the xpdf software, used for viewing PDF files. The recursion is uncontrolled, allowing an attacker to exploit the issue and disrupt service.

Recommendations

For xpdf version 4.02, consider disabling the Catalog::findDestInTree function as a temporary workaround to prevent potential denial of service attacks until a patch is available.

Fix

DoS

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

BDU:2023-07872
CVE-2022-48545
SUSE-SU-2023:4362-1
SUSE-SU-2023:4546-1

Affected Products

Suse
Xpdf